A GAME THEORETIC APPROACH TO SAFEGUARD SELECTION ...
A GAME THEORETIC APPROACH TO SAFEGUARD SELECTION AND OPTIMIZATION Rebecca Ward July 8, 2011 The University of Texas at Austin DoD/DHS Nuclear Forensics Graduate Fellowship Co-Author: Erich Schneider
Motivation • Expansion of nuclear power and divergence of fuel cycles
pose new challenges for safeguards regime
• Probabilistic Risk Assessment (PRA) may not be the best
method (NRC 2010)
• Does not account for ability of intelligent adversary to
respond and adapt
• Use of game theory will address this issue
Purpose • Proof-of-concept model to demonstrate utility of game
theory • Coupled discrete event simulator and game theoretic model • Conduct sensitivity analysis by varying relevant parameters and assessing strategy selection
Game theoretic model
Discrete Event Simulator
General Methodology • Threat scenario: • Attacker seeks to divert 1 kg of material from a safeguarded facility over 30-day period • Two-person, zero-sum game • Inspector (“defender”) seeks to maximize detection probability • Proliferator (“attacker”) seeks to minimize detection probability • Simple DES developed in Excel populates game theoretic
model
Theory • Cournot game- Non-transparent defense strategy • Maxmin = Minmax for system in equilibrium Attacker
y1
y2
x1
3
4
3
x2
2
1
1
3
4
compl7 …mod1 low1
Defender
r1
r2
…
rn
p11
p12
p1n
p21
p22
p2n
p31
p32
p3n
Discrete Event Simulator
• Defender is cost-constrained • Attacker options: • Can divert in any even number of days between 2 and 30 • Length of Diversion- related to initial detection probability
1.2000
1.0000
0.8000 Initial Detection Probability
• Defender options: • Frequency- daily to weekly • Dependence- low, moderate, high, complete
0.6000
0.4000
0.2000
0.0000 10
100 dm/dt (kg/d) High variance
Low variance
1000
Discrete Event Simulator • Extends insider theft methodology presented in Durán
2010 (Sandia National Lab/UT Austin)
• Human reliability analysis used to incorporate dependency in
MC&A activities
• Background detection probability used as surrogate for all
safeguarding activities not explicitly modeled • Ranged from 0.0001 to 0.1 [day-1]
Results- Attacker Strategy 1.010
1.000
Detection Probability
0.990
0.980 Daily Every 2 days
0.970
Every 3 days
0.960
Every 4 days Every 5 days
0.950
Every 6 days
0.940
Weekly
0.930
Inspection Frequency
0.920 0
5
10
15
20
Length of Diversion (days)
25
30
Results- Sensitivity Analysis Pb B ($) 5
0.0001 Defender LOD strategy comp6 30
0.001 Defender LOD strategy comp6 30
0.01 Defender LOD strategy comp6 26
0.1 Defender LOD strategy comp6 14
10
high7
30
high7
30
high7
30
high6
16
30
mod4
30
mod4
30
mod4
30
mod4
20
40
mod3
30
mod3
30
mod3
30
mod3
18
50
mod3
30
mod3
30
30
mod3
18
60
low4
30
low4
30
28
mod2
22
70
low4
30
low4
30
28
mod2
22
80
low3
30
low3
30
mod3 low4 0.995; mod2 0.005 low4 0.995; mod2 0.005 low3
30
low3
18
100
low3
30
low3
30
low3
30
low3
18
120
low2
30
low2
30
low2
30
low2
22
150
low2
30
low2
30
low2
30
low2
22
200
low2
30
low2
30
low2
30
low2
22
250
low1
30
low1
30
low1
30
low1
28
Results- Overall Detection Probability
Conclusions and Future Work • Demonstrated utility of game theory for modeling simple
diversion scenario
• Provides insight into incremental benefit of adding
element to existing safeguards regime
• Construct inspector timelines in more realistic way • Adjust defense strategy cost assignments • Expand scope of DES to incorporate full menu of
transparent and non-transparent safeguarding options
Motivation • Expansion of nuclear power and divergence of fuel cycles
pose new challenges for safeguards regime
• Probabilistic Risk Assessment (PRA) may not be the best
method (NRC 2010)
• Does not account for ability of intelligent adversary to
respond and adapt
• Use of game theory will address this issue
Purpose • Proof-of-concept model to demonstrate utility of game
theory • Coupled discrete event simulator and game theoretic model • Conduct sensitivity analysis by varying relevant parameters and assessing strategy selection
Game theoretic model
Discrete Event Simulator
General Methodology • Threat scenario: • Attacker seeks to divert 1 kg of material from a safeguarded facility over 30-day period • Two-person, zero-sum game • Inspector (“defender”) seeks to maximize detection probability • Proliferator (“attacker”) seeks to minimize detection probability • Simple DES developed in Excel populates game theoretic
model
Theory • Cournot game- Non-transparent defense strategy • Maxmin = Minmax for system in equilibrium Attacker
y1
y2
x1
3
4
3
x2
2
1
1
3
4
compl7 …mod1 low1
Defender
r1
r2
…
rn
p11
p12
p1n
p21
p22
p2n
p31
p32
p3n
Discrete Event Simulator
• Defender is cost-constrained • Attacker options: • Can divert in any even number of days between 2 and 30 • Length of Diversion- related to initial detection probability
1.2000
1.0000
0.8000 Initial Detection Probability
• Defender options: • Frequency- daily to weekly • Dependence- low, moderate, high, complete
0.6000
0.4000
0.2000
0.0000 10
100 dm/dt (kg/d) High variance
Low variance
1000
Discrete Event Simulator • Extends insider theft methodology presented in Durán
2010 (Sandia National Lab/UT Austin)
• Human reliability analysis used to incorporate dependency in
MC&A activities
• Background detection probability used as surrogate for all
safeguarding activities not explicitly modeled • Ranged from 0.0001 to 0.1 [day-1]
Results- Attacker Strategy 1.010
1.000
Detection Probability
0.990
0.980 Daily Every 2 days
0.970
Every 3 days
0.960
Every 4 days Every 5 days
0.950
Every 6 days
0.940
Weekly
0.930
Inspection Frequency
0.920 0
5
10
15
20
Length of Diversion (days)
25
30
Results- Sensitivity Analysis Pb B ($) 5
0.0001 Defender LOD strategy comp6 30
0.001 Defender LOD strategy comp6 30
0.01 Defender LOD strategy comp6 26
0.1 Defender LOD strategy comp6 14
10
high7
30
high7
30
high7
30
high6
16
30
mod4
30
mod4
30
mod4
30
mod4
20
40
mod3
30
mod3
30
mod3
30
mod3
18
50
mod3
30
mod3
30
30
mod3
18
60
low4
30
low4
30
28
mod2
22
70
low4
30
low4
30
28
mod2
22
80
low3
30
low3
30
mod3 low4 0.995; mod2 0.005 low4 0.995; mod2 0.005 low3
30
low3
18
100
low3
30
low3
30
low3
30
low3
18
120
low2
30
low2
30
low2
30
low2
22
150
low2
30
low2
30
low2
30
low2
22
200
low2
30
low2
30
low2
30
low2
22
250
low1
30
low1
30
low1
30
low1
28
Results- Overall Detection Probability
Conclusions and Future Work • Demonstrated utility of game theory for modeling simple
diversion scenario
• Provides insight into incremental benefit of adding
element to existing safeguards regime
• Construct inspector timelines in more realistic way • Adjust defense strategy cost assignments • Expand scope of DES to incorporate full menu of
transparent and non-transparent safeguarding options
